Europol takes down more than 1,000 malicious servers in Operation Endgame
See Full Article: https://www.scworld.com/news/europol-takes-down-more-than-1000-malicious-servers-in-operation-endgame
The third phase of Operation Endgame coordinated by Europol took down more than 1,025 servers that officials said infected hundreds of thousands of victims worldwide with three leading malware strains.
Europol, the law enforcement agency of the European Union, said the most recent takedown in the ongoing campaign to disrupt the malware, botnets, and ransomware used by cybercriminals took place between Nov. 10 and Nov. 13.
Officials said a joint team of more than 100 law enforcement officers from leading EU countries, Australia, Canada, and the United States dismantled infrastructure that ran three prolific strains of malware: the infostealer Rhadamanthys, the remote access trojan VenomRAT, and the botnet Elysium.
As part of the effort, law enforcement made one arrest in Greece, reportedly of the person responsible for the VenomRAT tool, searched 11 locations in Germany, Greece and the Netherlands (nine Dutch sites), and seized more than 20 domains...
“The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials,” said Europol. “Many of the victims were not aware of the infection of their systems. The main suspect behind the infostealer had access to over 100 000 crypto wallets belonging to these victims, potentially worth millions of euros.”
Michael Bell, chief executive officer of Suzu, said while takedowns are temporary because adversaries rebuild, operations like this force threat actors to invest resources in reconstitution rather than new attacks. Bell said this buys defenders time to harden systems and implement the stolen credential mitigations that organizations should already have in place.
“This is the kind of coordinated disruption we need more of, and it validates the approach we've been advocating, which is that government can't do this alone, and neither can the private sector,” said Bell.